Communication system

ABSTRACT

A system effective to communicate a message between two devices. A first device may include a plaintext to monoid element module effective to receive a plaintext message and apply a first function to the plaintext message to produce a first monoid element. A monoid element evaluator module may be effective to receive and insert submonoid generators into a monoid expression to produce a second monoid element in response. An encryption device module may be effective to apply a second function to the first monoid element, the second monoid element, the monoid expression, and a third monoid element to produce an encrypted plaintext message. Decryption may be performed on the encrypted plaintext message knowing the private key which includes the first function, the second function, the third monoid element and the submonoid generators list.

BACKGROUND OF THE INVENTION

In a symmetric or private key encryption communication system, twodevices in possession of a common secret or private key can perform bothencryption and decryption using the secret key. A plaintext message maybe encrypted using the secret key to produce encrypted plaintext or acyphertext. The cyphertext may be decrypted using the secret key tore-produce the plaintext. Examples of such protocols date back to earlyhistory, with the classic Caesar cipher being an early instance of asecret key being used to secure communications. Symmetric encryptionprotocols typically take one of two forms. The stream cipher is aprotocol where individual bits are encrypted one at a time. The Caesarcipher, and German Enigma machine are both instances of such protocols.A block cipher is a protocol where the data to be encrypted is firstbroken into a union of blocks of a fixed size, and then each of saidblocks is encrypted by the protocol.

SUMMARY OF THE INVENTION

One embodiment of the invention is a device effective to communicate amessage. The device may include a memory, wherein the memory iseffective to include a first function, a list of submonoid generators, asecond function, and a first monoid element. The device may furtherinclude a first module in communication with the memory, the firstmodule effective to receive a message and apply the first function tothe message to produce a second monoid element. The device may furtherinclude a second module in communication with the memory, the secondmodule effective to receive and insert the submonoid generators into atleast one monoid expression to produce a third monoid element. Thedevice may further include a third module in communication with thememory, in communication with the first module, and in communicationwith the second module, the third module effective to apply the secondfunction to the first monoid element, the second monoid element, themonoid expression, and the third monoid element to produce an encryptedmessage.

Another embodiment of the invention is a device effective to decrypt anencrypted message. The device may include a memory, wherein the memoryis effective to include a first function, a list of submonoidgenerators, a second function, and a first monoid element. The devicemay further include a first module in communication with the memory, thefirst module effective to receive a monoid expression in the encryptedmessage, the first module effective to insert the submonoid generatorsinto the monoid expression to produce a second monoid element. Thedevice may further include a second module in communication with thememory and the first module. The second module may be effective toreceive a third monoid element in the encrypted message, receive thesecond function, and receive the first monoid element. The second modulemay be further effective to receive the second monoid element, and applythe second function to the third monoid element, to the inverse of thesecond monoid element, and to the inverse of the first monoid element toproduce a fourth monoid element. The device may further include a thirdmodule in communication with the memory and the second module, the thirdmodule effective to apply the first function to the fourth monoidelement to produce the message.

Another embodiment of the invention is a system effective to communicatea message. The system may comprise a first device in communication witha second device over a network. The first device may include a firstmemory. the first memory may be effective to include a first function, alist of submonoid generators, a second function, and a first monoidelement. The first device may include a first module in communicationwith the first memory, the first module effective to receive a messageand apply the first function to the message to produce a second monoidelement. The first device may include a second module in communicationwith the memory. The second module may be effective to receive andinsert the submonoid generators into at least one monoid expression toproduce a third monoid element. The first device may include a thirdmodule in communication with the memory, in communication with the firstmodule, and in communication with the second module. The third modulemay be effective to apply the second function to the first monoidelement, the second monoid element, the monoid expression, and the thirdmonoid element to produce an encrypted message including a fourth monoidelement and the monoid expression. The second device may include asecond memory, wherein the second memory is effective to include thefirst function, the list of submonoid generators, the second function,and the first monoid element. The second device may include a fourthmodule in communication with the second memory. The fourth module may beeffective to receive the monoid expression in the encrypted message, thefourth module effective to insert the submonoid generators into themonoid expression to re-produce the third monoid element. The seconddevice may include a fifth module in communication with the secondmemory and the fourth module. The fifth module may be effective toreceive the fourth monoid element in the encrypted message, receive thesecond function, receive the first monoid element, and receive the thirdmonoid element. The fifth module may further be effective to apply thesecond function to the fourth monoid element, the inverse of the firstmonoid element and the inverse of the third monoid element to producethe second monoid element. The second device may include a sixth modulein communication with the second memory and the fifth module, the sixthmodule effective to apply the first function to the second monoidelement to re-produce the message.

BRIEF DESCRIPTION OF THE FIGURES

The foregoing and other features of this disclosure will become morefully apparent from the following description and appended claims takenin conjunction with the accompanying drawings. Understanding that thesedrawings depict only some embodiments in accordance with the disclosureand are therefore not to be considered limiting of its scope, thedisclosure will be described with additional specificity and detail byreference to the accompanying drawings in which:

FIG. 1 is a system drawing of a communication system in accordance withan embodiment of the invention.

FIG. 2 is a flow diagram illustrating a process which could be performedin accordance with an embodiment of the invention.

FIG. 3 is a flow diagram illustrating a process which could be performedin accordance with an embodiment of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT(S)

In the following detailed description, reference is made to theaccompanying drawings which form a part thereof. In the drawings,similar symbols typically identify similar components unless contextindicates otherwise. The illustrative embodiments described in thedetailed description, drawings and claims are not meant to be limiting.Other embodiments may be utilized and other changes may be made withoutdeparting from the spirit or scope of the subject matter presentedherein. It will be readily understood that the aspects of the presentdisclosure as generally described herein and as illustrated in theaccompanying figures can be arranged, substituted, combined, separatedand/or designed in a wide variety of different configurations all ofwhich are explicitly contemplated herein.

Referring to FIG. 1, there is shown a communication system 100 which maybe used in accordance with an embodiment of the invention. Incommunication system 100, a first device 106 may communicate with asecond device 112 over a network 110. Network 110 may include, forexample, a wireless network, a wired network, the Internet, a cellularnetwork, a near field communication (NFC) network, a radio frequencyidentification (RF-ID) network, a cloud computing environment, etc.

First device 106 may be operated by a first user 102 and second device112 may be operated by a second user 116. First device 106 may includean encryption module 118 and a decryption module 120. Similarly, seconddevice 112 may include an encryption module 122 and a decryption module124. Encryption module 118 may be configured to perform the samefunctions and operations as encryption module 122. Decryption module 120may be configured to perform the same functions and operations asdecryption module 124.

First device 106 may receive plaintext 104, such as from user 102, andencrypt plaintext 104 using encryption module 118 and a private key toproduce encrypted plaintext 108. First device 106 may send encryptedplaintext 108 over network 110 to second device 122. Second device 122may receive encrypted plaintext and decrypt encrypted plaintext 108using the decryption module 124 and the private key to produce decryptedplaintext 114.

Encryption modules 118 and 122 may include an ordered pair of functionsT=(T₀, T₁) 126, a pseudorandom number generator (PRNG) 128, a secretsubmonoid generators list w₁, w₂, . . . w_(s) 130, a plaintext to monoidelement module 134, and/or a random monoid expression generator module.The ordered pair of functions T, may include a first function T₀effective to map text to a monoid element and second function T₁ whichmay be effective to map a monoid element to text. Encryption modules 118and 122 may further include a function

136, an encryption device module 138, a monoid element evaluator module140 and/or a secret fixed monoid element β₀ 142. At least some of thesemodules may be in communication with a memory 144 and/or a processor146. For example, data elements of the private key such as the orderedpair of functions T=(T₀, T₁) 126, secret submonoid generators list w₁,w₂, . . . w_(s) 130, function

136, and secret fixed monoid element β₀ 142 may be stored in memory 144.Processor 146 could have a relatively small processing power such aswith a 5 MHz clock cycle. Memory 144 could have a relatively small sizeand have, for example, 1 kb of memory. Modules could be implemented assoftware such as with a processor and/or in hardware or firmware.

Plaintext 104 could be any data desired to be encrypted. For example,plaintext 104 may be a block of data m. A relatively large block of datamay be broken into smaller blocks of data m to be encrypted. Function T₀126 may be effective to map letters in plaintext (m) 104 into monoidelements. Monoid elements may be, for example, matrices with entries ina finite field. Plaintext to monoid element module 134 may receiveplaintext 104 and ordered pair of functions T 126, and apply function T₀126 to plaintext (m) 104 to produce monoid element T₀(m). Monoid elementT₀(m) is forwarded to encryption device module 138. The ordered pair offunctions T=(T₀, T₁) 126 may be part of the private key used to encryptand decrypt plaintext 104 as illustrated by the gray shading.

Pseudorandom number generator 128 may generate and forward a randominteger number R to random monoid expression generator module 132.Random monoid expression generator module 132 may be in communicationwith memory 144. Memory 144 may include one or more monoid expressions.Random number R may be used by random monoid expression generator module132 to select a random monoid expression B_(R) with s variables. Randommonoid expression B_(R) is forwarded to encryption device module 138 andto monoid element evaluator module 140.

Secret submonoid generators list 130 may be stored in memory 144 andincludes submonoid generators w₁, w₂, . . . w_(s). Submonoid generatorsw₁, w₂, . . . w_(s) are also part of the private key as illustrated bythe gray shading. Monoid element evaluator module 140 receives randommonoid expression B_(R) and submonoid generators w₁, w₂, . . . w_(s).Monoid element evaluator module 140 inserts submonoid generators w₁, w₂,. . . w_(s) into monoid expression B_(R) to produce monoid elementβ_(R). Monoid element β_(R) is forwarded to encryption device module138. Secret fixed monoid element β₀ 142 is also sent to encryptiondevice module 138 and is part of the private key, as illustrated by thegray shading.

Encryption device module 138 may receive function

136, monoid element T₀(m), monoid expression B_(R), monoid elementβ_(R), and monoid element β₀. Encryption device module 138 may applyfunction

136 to monoid element T₀(m), monoid expression B_(R), monoid elementβ_(R), and monoid element β₀ to produce encrypted plaintext 148.Encrypted plaintext 148 may include an ordered pair with a first entrythat is a monoid element and a second entry that is the selected monoidexpression: {

(T₀(m), β_(R)·β₀), B_(R)}.

Decryption modules 120 and 124 may include function

136, secret submonoid generators list w₁, w₂, . . . w_(s) 130, adecryption device module 162, a monoid element evaluator module 160,secret fixed monoid element β₀ 142, a monoid element to plaintext module164, and/or ordered pair of functions T=(T₀, T₁) 126. At least some ofthese modules may be in communication with a memory 166 and/or aprocessor 168. For example, data elements of the private key such asordered pair of functions T=(T₀, T₁) 126, secret submonoid generatorslist w₁, w₂, . . . w_(s) 130, one way function

136, and secret fixed monoid element β₀ 142 may be stored in memory 166.Processor 168 could have relatively small processing power such as witha 5 MHz clock cycle. Memory 166 could be relatively small in size andhave, for example, 1 kb of memory. As both encryption modules 118, 122and decryption modules 120, 124 may be in the same device, commonmodules, processing and data may be shared among these modules. Forexample, encryption module 118 and decryption module 120 may share thesame memory, processor or monoid element evaluator module.

As shown, decryption module 124 may receive encrypted plaintext 148 andforward the monoid element

(T₀(m), β_(R)·β₀) of encrypted plaintext 148 to decryption device module162. Function

136 is forwarded to decryption device module 162. Monoid expressionB_(R), the second element of encrypted plaintext 148, may be extractedfrom encrypted plaintext 148 and forwarded to monoid element evaluatormodule 160. Monoid element evaluator module 160 may also receivesubmonoid generators w₁, w₂, . . . w_(s) of secret submonoid generatorslist 130. Monoid element evaluator module 160 may re-produce monoidelement β_(R) by inserting submonoid generators list w₁, w₂, . . . w_(s)130 into monoid expression B_(R). Monoid element evaluator module 160may forward monoid expression β_(R) to decryption device module 162.

Decryption device module 162 may receive secret fixed monoid element β₀,monoid element β_(R), function

136, and encrypted plaintext 148. Decryption device module 162 may applyfunction

136 to the inverse of secret fixed monoid element β₀, the inverse ofmonoid element β_(R), and the first element of encrypted plaintext 148to re-produce monoid element T₀(m) as shown below.

(T ₀(m),β_(R)·β₀)·β₀ ⁻¹·β_(R) ⁻¹=

(T ₀(m),β_(R)·β₀·β₀ ⁻¹·β_(R) ⁻¹)=

(T ₀(m),1_(M))=T ₀(m).

Decryption device module 162 may forward monoid element T₀(m) to monoidelement to plaintext module 164. Monoid element to plaintext module 164may apply function T₁ 126 to monoid element T₀(m) to re-produceplaintext m 104.

Function

may be a one-way function that is computable but difficult to reverse.In an example, an instance of a one-way function based symmetricencryption protocol utilizes an Algebraic Eraser. An Algebraic Erasermay include a specified 6-tuple (M×S, N, Π, E, A, B) where

M and N are monoids,

S is a group that acts on M (on the left),

M

S denotes the semi-direct product,

A and B denote submonoids of M

S, and

Π denotes a monoid homomorphism from M to N. The E-function, also calledE-multiplication, is defined by

E:(N×S)×(M

S)→(N×S)

E((n,s),(m ₁ ,s ₁))=(nΠ(^(s) m ₁),s s ₁).

It is observed that the E-function satisfies the following identity:

E((n,s),(m ₁ ,s ₁)·(m ₂ ,s ₂)))=E(E((n,s),(m ₁ ,s ₁)),(m ₂ ,s ₂)).

Function

may be an Algebraic Eraser (M

S, N, Π, E, A, B). Letting M=M

S, N=N

S, function

is defined as follows: given (n₀, s₀)∈N

S and (m, s₁)∈M

S let

N×M→N denote the function:

((n ₀ ,s ₀)(m,s ₁))=E((n ₀ ,s ₀),(m,s ₁))=((n ₀Π(^(s) ⁰ m),s ₀ s ₁).

The above E-function identity enables the following definition of aright action: given an arbitrary element (n, s)∈N, and (m, s₁)∈M, definethe right action of (m, s₁) on n=(n₀, s₀) by

((n ₀ ,s ₀)·(m ₁ ,s ₁))=E((n ₀ ,s ₀),(m,s ₁))=((n ₀Π(^(s) ⁰ m),s ₀ s ₁).

The identities may be:

(n,g ₁ g ₂)=

(n,g ₁)·g ₂,

and

(n,1_(M))=n

for all n∈N, g₁, g₂∈M. Said identities are seen to be valid: for allg_(i)=(m_(i),s_(i)), i=1, 2, and n=(n₀, s₀),

(n, g₁ ⋅ g₂) = E((n₀, s₀), ((m₁, s₁) ⋅ (m₂, s₂))) = E((n₀, s₀), (m₁^(s1), s₁s₂)) = (n₀Π( ^(s₀)(m₁^(s1))), s₀s₁s₂) = (n₀∏( ^(s₀)(m₁))∏(^(s₀s₁))), s₀s₁s₂) = E((n₀∏ ( ^(s₀)(m₁)), s₀s₁), (m₂, s₂)) = E(E((n₀, s₀), (m₁, s₁)), (m₂, s₂)) = (n, g₁) ∘ g₂

Furthermore, letting 1_(M), 1_(S), denote the identity elements of M, S,respectively,

(n,1_(M))=E((n ₀ ,s ₀),(1_(M),1_(S)))=nΠ(1_(M)),s ₀·1_(S))=(n,s ₀),

since s₀ acting on the Π(1_(M)), results in 1_(M), Π(1_(M))=1_(M), ands₀·1_(S)=s₀. This demonstrates that this function may be used to producea symmetric encryption protocol as described herein.

Another instance of a function that may be used is a function wheremonoids M and N are chosen to be a group G. Defining relators of G mayallow for an effective rewriting or cloaking of group elements, and aconjugacy equation in G may be relatively difficult to solve. Thisinsures that the function

: G×G→G defined by the equation,

(x,g)=g ⁻¹ ×g=

(g ⁻¹ ×g),

where x, g∈G, is a one-way function. In this setting it may be desirableto rewrite or cloak the output of the encryption mechanism. Let G act onitself by conjugation: if g, g₁∈G, define

g·g ₁ =g ₁ ⁻¹ g g ₁.

(x,g₁g₂)=

(g₁)·g₂, is easily verified:

(x, g₁, g₂) = (g₁g₂)⁻¹ × (g₁g₂) = g₂⁻¹g₁⁻¹ × g₁g₂ = g₂⁻¹(g₁⁻¹ × g₁)g₂ = g₂⁻¹(x, g₁)g₂ = (g₁) ∘ g₂.

This demonstrates that the function

can be in the symmetric encryption protocol described herein.

Among other benefits, using a system in accordance with this disclosuremay produce a secure communication system with a relatively simpleprocessor and a small memory. Environments with relatively simpledevices can be provided with secure communication capability. Messagescan be encrypted and decrypted relatively quickly.

Referring to FIG. 2, there is shown a process which could be performedin accordance with an embodiment of the invention. The process could beperformed using, for example, system 100 discussed above.

As shown, at step S2, a plaintext to monoid element module may receive aplaintext message and a first function. At step S4, the plaintext tomonoid element module may apply the first function to the plaintextmessage to produce a monoid element. At step S6, a random monoidexpression generator may receive a random number and generate a monoidexpression in response.

At step S8, a monoid element evaluator module may receive submonoidgenerators and the monoid expression. At step S10, the monoid elementevaluator module may insert the submonoid generators into the monoidexpression and produce a second monoid element in response. At step S12,an encryption device module may receive a second function, the firstmonoid element, the second monoid element, the monoid expression, and athird monoid element. At step S14, the encryption device module mayapply the second function to the first monoid element, the second monoidelement, the monoid expression, and the third monoid element to producean encrypted plaintext message.

Referring to FIG. 3, there is shown a process which could be performedin accordance with an embodiment of the invention. The process could beperformed using, for example, system 100 discussed above.

As shown, at step S20, a monoid element evaluator module may receive amonoid expression in an encrypted plaintext message. At step S22, themonoid element evaluator module may insert submonoid generators into themonoid expression to produce a first monoid element. At step S24, adecryption device module may receive a second monoid element in theencrypted plaintext message, a second function, the first monoidelement, and a third monoid element. At step S26, the decryption devicemodule may apply a first function to the first monoid element, thesecond monoid element and the third monoid element to produce a fourthmonoid element. At step S28, a monoid element to plaintext module mayreceive the fourth monoid element and a second function. At step S30,the monoid element to plaintext module may apply the second function tothe fourth monoid element to produce a plaintext message.

While various aspects and embodiments have been disclosed herein, otheraspects and embodiments will be apparent to those skilled in the art.The various aspects and embodiments disclosed herein are for purposes ofillustration and are not intended to be limiting, with the true scopeand spirit being indicated by the following claims.

What is claimed is:
 1. A device effective to communicate a message, thedevice comprising: a memory, wherein the memory is effective to includea first function, a list of submonoid generators, a second function, anda first monoid element, a first module in communication with the memory,the first module effective to receive a message and apply the firstfunction to the message to produce a second monoid element; a secondmodule in communication with the memory, the second module effective toreceive and insert the submonoid generators into at least one monoidexpression to produce a third monoid element; and a third module incommunication with the memory, in communication with the first module,and in communication with the second module, the third module effectiveto apply the second function to the first monoid element, the secondmonoid element, the monoid expression, and the third monoid element toproduce an encrypted message.
 2. The device as recited in claim 1,further comprising: a random number generator effective to produce arandom number; and a fourth module in communication with the randomnumber generator and the memory, the fourth module effective to receivethe random number and generate the monoid expression in response.
 3. Thedevice as recited in claim 1, wherein the encrypted message includes anordered pair with a first entry that is a fourth monoid element and asecond entry that is the monoid expression.
 4. The device as recited inclaim 1, wherein the second function is a one way function.
 5. Thedevice as recited in claim 1, wherein the second function is a 6-tuple(M

S, N, Π, E, A, B) where M and N are monoids, S is a group that acts onM, M

S denotes the semi-direct product, A and B denote submonoids of M

S, Π denotes a monoid homomorphism from M to N, E is defined byE:(N×S)×(M

S)→(N×S)E((n,s),(m ₁ ,s ₁))=(nΠ(^(s) m ₁),s s ₁), M=M

S, N=N

S, and the function

is defined as: given (n₀, s₀)∈N

S and (m, s₁)∈M

S let

: N×M→N denote the function:

((n ₀ ,s ₀)(m,s ₁))=E((n ₀ ,s ₀),(m,s ₁))=((n ₀Π(^(s) ⁰ m),s ₀ s ₁). 6.The device as recited in claim 1, wherein the second function isselected such that monoids M and N are chosen to be a group G and

(x,g)=g ¹ ×g=c(g ¹ ×g), where x, g∈G.
 7. The device as recited in claim1, wherein: the message is a first message; the monoid expression is afirst monoid expression; the encrypted message is a first encryptedplaintext message; the device is effective to receive a second encryptedmessage including a fourth monoid element and a second monoidexpression, and the second module is effective to receive the secondmonoid expression and insert the submonoid generators into the secondmonoid expression to produce a fifth monoid element; and the devicefurther comprises: a fourth module in communication with the memory andthe second module, the fourth module effective to receive the fourthmonoid element in the second encrypted plaintext message, receive thesecond function, receive the first monoid element, receive the fifthmonoid element, and apply the second function to the fourth monoidelement, the inverse of the fifth monoid element and the inverse of thefirst monoid element to produce a sixth monoid element; a fifth modulein communication with the memory and the fourth module, the fifth moduleeffective to receive the sixth monoid element and the first function,and apply the first function to the sixth monoid element to produce asecond message.
 8. The device as recited in claim 1, wherein: themessage is a first message and the device further comprises: a randomnumber generator effective to produce a first random number; and afourth module in communication with the random number generator and thememory, the fourth module effective to receive the first random numberand generate the monoid expression in response, where the monoidexpression is a first monoid expression; and wherein the first module iseffective to receive a second message and apply the first function tothe second message to produce a fourth monoid element; the random numbergenerator is further effective to produce a second random number; thefourth module is further effective to receive the second random numberand generate a second monoid expression in response; the second moduleis effective to receive and insert the submonoid generators into thesecond monoid expression to produce a fifth monoid element; and thethird module is effective to apply the second function to the firstmonoid element, the fourth monoid element, the second monoid expression,and the fifth monoid element to produce another encrypted message. 9.The device as recited in claim 1, further comprising: a random numbergenerator effective to produce a random number; and a fourth module incommunication with the random number generator and the memory, thefourth module effective to receive the random number and generate themonoid expression in response; wherein the encrypted message includes anordered pair with a first entry that is a fourth monoid element and asecond entry that is the monoid expression; the first function is amapping function; and the second function is a one way function.
 10. Adevice effective to decrypt an encrypted message, the device comprising:a memory, wherein the memory is effective to include a first function, alist of submonoid generators, a second function, and a first monoidelement, a first module in communication with the memory, the firstmodule effective to receive a monoid expression in the encryptedmessage, the first module effective to insert the submonoid generatorsinto the monoid expression to produce a second monoid element; a secondmodule in communication with the memory and the first module, the secondmodule effective to receive a third monoid element in the encryptedmessage, receive the second function, receive the first monoid element,receive the second monoid element, and apply the second function to thethird monoid element, to the inverse of the second monoid element, andto the inverse of the first monoid element to produce a fourth monoidelement; a third module in communication with the memory and the secondmodule, the third module effective to apply the first function to thefourth monoid element to produce the message.
 11. The device as recitedin claim 10, wherein the second function is a one way function.
 12. Thedevice as recited in claim 10, wherein the second function is a 6-tuple(M

S, N, Π, E, A, B) where M and N are monoids, S is a group that acts onM, M

S denotes the semi-direct product, A and B denote submonoids of M

S, Π denotes a monoid homomorphism from M to N, E is defined byE:(N×S)×(M

S)→(N×S)E((n,s),(m ₁ ,s ₁))=(nΠ(^(s) m ₁),s s ₁), M=M

S, N=N

S, and the function

is defined as: given (n₀, s₀)∈N

S and (m, s₁)∈M

S let

: N×M→N denote the function:

((n ₀ ,s ₀),(m,s ₁))=E((n ₀ ,s ₀),(m,s ₁))=((n ₀Π(^(s) ⁰ m),s ₀ s ₁).13. The device as recited in claim 10, wherein the second function isselected such that monoids M and N are chosen to be a group G and

(x,g)=g ⁻¹ ×g=

(g ⁻¹ ×g), where x, g∈G.
 14. A system effective to communicate amessage, the system comprising: a first device in communication with asecond device over a network; wherein the first device includes a firstmemory, wherein the first memory is effective to include a firstfunction, a list of submonoid generators, a second function, and a firstmonoid element, a first module in communication with the first memory,the first module effective to receive a message and apply the firstfunction to the message to produce a second monoid element; a secondmodule in communication with the memory, the second module effective toreceive and insert the submonoid generators into at least one monoidexpression to produce a third monoid element; and a third module incommunication with the memory, in communication with the first module,and in communication with the second module, the third module effectiveto apply the second function to the first monoid element, the secondmonoid element, the monoid expression, and the third monoid element toproduce an encrypted message including a fourth monoid element and themonoid expression; wherein the second device includes a second memory,wherein the second memory is effective to include the first function,the list of submonoid generators, the second function, and the firstmonoid element, a fourth module in communication with the second memory,the fourth module effective to receive the monoid expression in theencrypted message, the fourth module effective to insert the submonoidgenerators into the monoid expression to re-produce the third monoidelement; a fifth module in communication with the second memory and thefourth module, the fifth module effective to receive the fourth monoidelement in the encrypted message, receive the second function, receivethe first monoid element, receive the third monoid element, and applythe second function to the fourth monoid element, the inverse of thefirst monoid element and the inverse of the third monoid element toproduce the second monoid element; and a sixth module in communicationwith the second memory and the fifth module, the sixth module effectiveto apply the first function to the second monoid element to re-producethe message.
 15. The system as recited in claim 14, wherein the networkis a near field communications network
 16. The system as recited inclaim 14, wherein: the network is an RF-ID network, the first device isone of a tag or a reader; and the second device is the other of the tagor the reader.
 17. The system as recited in claim 14, wherein the firstdevice further comprises: a random number generator effective to producea random number; and a seventh module in communication with the randomnumber generator, the seventh module effective to receive the randomnumber and generate the monoid expression in response.
 18. The system asrecited in claim 14, wherein the second function is a one way function.19. The system as recited in claim 14, wherein the second function is a6-tuple (M

S, N, Π, E, A, B) where M and N are monoids, S is a group that acts onM, M

S denotes the semi-direct product, A and B denote submonoids of M

S, Π denotes a monoid homomorphism from M to N, E is defined byE:(N×S)×(M

S)→(N×S)E((n,s),(m ₁ ,s ₁))=(nΠ(^(s) m ₁),s s ₁), M=M

S, N=N

S, and the function

is defined as: given (n₀, s₀)∈N

S and (m, s₁)∈M

S let

: N×M→N denote the function:

((n ₀ ,s ₀),(m,s ₁))=E((n ₀ ,s ₀),(m,s ₁))=((n ₀Π(^(s) ⁰ m),s ₀ s ₁).20. The system as recited in claim 14, wherein the first device furthercomprises: a random number generator effective to produce a randomnumber; and a seventh module in communication with the random numbergenerator, the seventh module effective to receive the random number andgenerate the monoid expression in response; wherein the first functionis a mapping function; and the second function is a one way function.